As is generally known, a cryptographic key (or simply “key”) is used by an encryption circuit or logic to determine how input data is to be encrypted and/or decrypted. For example, a key may specify a particular transformation to be performed on input data during encryption, and/or the reverse process during decryption. Keys may also be used in other types of cryptographic operations, such as generating digital signatures and/or message authentication.
Both asymmetric cryptography and symmetric cryptography make use of cryptographic keys. Asymmetric cryptography, also known as public-key cryptography, employs key pairs, each of which is made up of two separate but related keys, i.e. a public key and a private key. While the private key must be maintained as a secret by the entity to which the key pair is assigned, the public key is made public. In public-key cryptography, data encrypted using the public key of a given key pair can only be decrypted using the private key of the same key pair. The private key may also be used to create a digital signature for a message or other data, and that signature can be processed using the corresponding public key to verify that the message originated with the holder of the private key. In contrast, in symmetric cryptography, a single key is used for purposes of both encryption and decryption.
Some existing systems have used a “master encryption key” to encrypt highly sensitive data, such as other cryptographic keys. In order to protect the sensitive data encrypted by a master encryption key, the master encryption key itself must be securely and privately maintained. Otherwise, the security of the sensitive data stored in individual devices and/or across an entire distributed system may be compromised.